
Publishing Abuse Contact Information for number resource data in the AFRINIC Whois database


1.0 Introduction

On 02 May 2011, the AFRINIC Board ratified a policy proposal (AFPUB-2010-GEN-006) which specifies a dedicated object that AFRINIC members use to publish information about the contacts responsible for handling abuse inquiries concerning the number resources issued to the member. This policy was implemented by AFRINIC on 05 May 2012. Previously, it had not been possible to explicitly declare abuse contacts for AfriNIC Whois resource data.

Although the referral to the IRT object is optional in the resource objects, AFRINIC encourages all members to actively start making use of this policy to publish abuse contact information. This chiefly ensures that complaints from anyone about abuse issues emanating from a given number resource are redirected to the appropriate individual(s).

This document recommends guidelines that organizations can follow when using this policy to publish the contact persons responsible for network abuse queries pertaining to their IP addresses and other number resources.

2.0 Specifying Abuse Contacts

The IRT (Incident Response Team) Whois database object has been introduced for the purposes of availing abuse contact information for any given number resource.

IRT objects provide information about a CSIRT (Computer Security Incident Response Team), which is basically a group of individuals responsible for handling network security incidents and reports for any given organization or entity.

3.0 Adding the IRT to the Whois database

Once a team that will handle abuse and other security incidents has been created/formed by an organization, the following information about the IRT should be available before attempting to create the IRT whois database object:

Name of the Incident Response Team.

Physical address, telephone and fax contacts.

E-Mail address: An e-mail address for contacting the IRT. This should be a role e-mail address which delivers e-mail to several individuals in the IRT. It should not be any one individual’s e-mail address, so that if one individual is not available, another can receive and act on the issue.

Abuse E-Mail Address: A specific e-mail address to which all security incidents should be sent. This should also be a role e-mail address that delivers to several individuals.

Administrative contact: The person(s) handling admin matters for the IRT.

Technical contact: The person(s) handling technical matters for the IRT.

3.1 The IRT Whois database template

Please refer to the steps below for the IRT object database template (and the steps to create it in the whois database):

Once an IRT object is created in 3.1 above, the ISP/LIR must contact AFRINIC to associate the IRT object with their number resources. This manual step can only be done by AFRINIC since AFRINIC is the maintainer of directly allocated/assigned resources. This manual process may require obtaining additional information from the member organization to verify that the entity or individual requesting the IRT association to a resource is indeed authorized to do so on behalf of that organization.

4.0 Using PGP with the IRT object

The “signature” and “encryption” attributes in the IRT object require PGP keys. A PGP key can also be used as an authentication scheme in the objects. Although PGP use is optional in the IRT object, we strongly recommend its usage when managing IRT data. PGP is the preferred method for secure e-mail communication. In order to send secure communication to the IRT and for the IRT to send out secure communication, it is necessary to use PGP by creating “key-cert” objects in the Whois database, which are basically public keys to be used for this purpose.

The public key in the “signature” attribute is for authenticating all correspondence from the Incident Response Team (IRT), while the key in the “encryption” attribute is for encrypting correspondence to the IRT. Since the process of associating an IRT object with resource objects requires authorization through the authentication scheme of the IRT object, using PGP avoids sharing the IRT clear text password with resource holders/maintainers.

5.0 Finding abuse contacts for resources in AfriNIC whois

Anyone using the AFRINIC whois database to look for abuse contacts for resources allocated by AFRINIC should use the contact information from the IRT object associated with the concerned resource objects before proceeding, if needed, as described at http://www.afrinic.net/Registration/spam.htm.
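
The lookup described in this section, as an added example that is not part of the original document or AFRINIC's own tooling: it parses whois output, follows the resource object's referral to its IRT object and returns the abuse address, falling back to the role e-mail. The attribute names `mnt-irt`, `abuse-mailbox` and `e-mail` are assumed here from the RPSL-style object format (this page does not spell them out), and the sample response is constructed.

```python
# Constructed sample of RPSL-style whois output (not real registry data).
SAMPLE = """\
% constructed response
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
mnt-irt:        IRT-EXAMPLE-CSIRT
source:         AFRINIC

inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NO-IRT
source:         AFRINIC

irt:            IRT-EXAMPLE-CSIRT
e-mail:         csirt@example.net
abuse-mailbox:  abuse@example.net
encryption:     PGPKEY-00000000
source:         AFRINIC
"""

def parse_objects(text):
    """Split whois text into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith(("%", "#")):        # server comments
            continue
        if not line.strip():                   # blank line ends an object
            if current:
                objects.append(current)
            current = []
            continue
        attr, _, value = line.partition(":")
        current.append((attr.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects

def values(obj, attr):
    return [v for a, v in obj if a == attr]

def abuse_contacts(text, resource):
    """Return abuse addresses from the IRT object(s) a resource refers to."""
    objs = parse_objects(text)
    irts = {o[0][1].upper(): o for o in objs if o[0][0] == "irt"}
    for o in objs:
        if o[0][0] != "irt" and o[0][1] == resource:
            found = []
            for ref in values(o, "mnt-irt"):   # referral is optional
                irt = irts.get(ref.upper(), [])
                # Prefer the abuse address; fall back to the role e-mail.
                found += values(irt, "abuse-mailbox") or values(irt, "e-mail")
            return found
    return []
```

An empty result means the resource carries no IRT referral, which is the case where the fallback procedure linked above applies.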

Discussions are taking place on the policy working group mailing list. If you want to subscribe to the mailing list, send your subscription request to rpd-request [at] afrinic.net with 'Subscribe' as the subject line.